Merge pull request #247 from devtron-labs/sync-2024-09-23-164137-0b7fc34

Sync changes from sync-2024-09-23-164137-0b7fc34
devtron-labs · Sep 23, 2024 · 6dc445d · 6dc445d
2 parents 0b7fc34 + 29b2bf2
commit 6dc445d
Show file tree

Hide file tree

Showing 24 changed files with 559 additions and 82 deletions.
diff --git a/charts/devtron/Chart.yaml b/charts/devtron/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: devtron-operator
-appVersion: 0.7.1
+appVersion: 0.7.2
 description: Chart to configure and install Devtron. Devtron is a Kubernetes Orchestration system.
 keywords:
   - Devtron
@@ -11,7 +11,7 @@ keywords:
   - argocd
   - Hyperion
 engine: gotpl
-version: 0.22.73
+version: 0.22.74
 sources:
   - https://github.com/devtron-labs/charts
 dependencies:

diff --git a/charts/devtron/devtron-bom.yaml b/charts/devtron/devtron-bom.yaml
@@ -8,13 +8,9 @@ global:
     runAsUser: 1000
     runAsNonRoot: true
   containerRegistry: "quay.io/devtron"
-  # The below values can be specified both at global as well as component level
-  nodeSelector: {}
-  tolerations: []
-  imagePullSecrets: []
 extraManifests: []
 installer:
-  release: "v0.7.1"
+  release: "v0.7.2"
   registry: ""
   image: "inception"
   tag: "473deaa4-185-21582"
@@ -30,21 +26,25 @@ components:
         ENABLE_CI_JOB: "true"
         GLOBAL_API_TIMEOUT: "60000"
         TRIGGER_API_TIMEOUT: "60000"
-        ENABLE_EXTERNAL_ARGO_CD: "false"
+        ENABLE_EXTERNAL_ARGO_CD: "true"
         SERVICE_WORKER_TIMEOUT: "1"
         API_BATCH_SIZE: "30"
+        FEATURE_EXTERNAL_FLUX_CD_ENABLE: "true"
+        FEATURE_STEP_WISE_LOGS_ENABLE: "true"
+        FEATURE_USER_DEFINED_GITOPS_REPO_ENABLE: "true"
+        ENABLE_RESOURCE_SCAN: "true"
     registry: ""
-    image: "dashboard:5f95d187-690-23841"
+    image: "dashboard:215319c7-690-25536"
     imagePullPolicy: IfNotPresent
   devtron:
     registry: ""
-    image: "hyperion:291c4c75-280-23860"
-    cicdImage: "devtron:291c4c75-434-23853"
+    image: "hyperion:3f68456b-280-25566"
+    cicdImage: "devtron:3f68456b-434-25567"
     imagePullPolicy: IfNotPresent
     customOverrides: {}
   ciRunner:
     registry: ""
-    image: "ci-runner:48aca9f4-138-23844"
+    image: "ci-runner:fd5702db-138-25483"
   argocdDexServer:
     registry: ""
     image: "dex:v2.30.2"
@@ -53,7 +53,7 @@ components:
       authenticator: "authenticator:e414faff-393-13273"
   kubelink:
     registry: ""
-    image: "kubelink:0dee6306-564-23843"
+    image: "kubelink:6ef0fbbe-564-25533"
     imagePullPolicy: IfNotPresent
     configs:
       ENABLE_HELM_RELEASE_CACHE: "true"
@@ -71,7 +71,7 @@ components:
       keyName: postgresql-password
   kubewatch:
     registry: ""
-    image: "kubewatch:850b40d5-419-23840"
+    image: "kubewatch:7c8611f4-419-25531"
     imagePullPolicy: IfNotPresent
     configs:
       devtroncd_NAMESPACE: "devtron-ci"
@@ -91,7 +91,7 @@ components:
       armImage: postgres_exporter:v0.10.1
   gitsensor:
     registry: ""
-    image: "git-sensor:86e13283-200-23847"
+    image: "git-sensor:5b9cf0ec-200-25481"
     imagePullPolicy: IfNotPresent
     serviceMonitor:
       enabled: false
@@ -109,7 +109,7 @@ components:
   # Values for lens
   lens:
     registry: ""
-    image: "lens:56211042-333-23839"
+    image: "lens:9db8a2fb-333-25482"
     imagePullPolicy: IfNotPresent
     configs:
       GIT_SENSOR_PROTOCOL: GRPC
@@ -154,7 +154,7 @@ components:
         DB_NAME: "lens"
   chartSync:
     registry: ""
-    image: chart-sync:5a1d0301-150-23845
+    image: chart-sync:13ffae06-150-25515
 # values for argocd integration
 argo-cd:
   global:
@@ -174,14 +174,14 @@ workflowController:
   IMDSv1ExecutorImage: "argoexec:v3.0.7"
 security:
   imageScanner:
-    image: "image-scanner:137872c2-141-23848"
+    image: "image-scanner:348201f8-141-25486"
   clair:
     image:
       repository: clair
       tag: 4.3.6
 # Values for notifier integration
 notifier:
-  image: "notifier:9639b1ab-372-23850"
+  image: "notifier:06392394-372-25535"
 minio:
   image: "minio:RELEASE.2021-02-14T04-01-33Z"
   mbImage: "minio-mc:RELEASE.2021-02-14T04-28-06Z"
@@ -200,3 +200,27 @@ monitoring:
       image: "k8s-sidecar:1.1.0"
       curlImage: "curl:7.73.0"
       imagePullPolicy: IfNotPresent
+devtronEnterprise:
+  enabled: false
+  casbin:
+    registry: ""
+    image: "casbin:efc28fb2-6de0e914-462-25420"
+    imagePullPolicy: IfNotPresent
+    configs:
+      PG_ADDR: postgresql-postgresql.devtroncd
+      PG_DATABASE: casbin
+      PG_PORT: "5432"
+      PG_USER: postgres
+    dbconfig:
+      secretName: postgresql-postgresql
+      keyName: postgresql-password
+    resources: {}
+  scoop:
+    enabled: false
+    registry: ""
+    image: "scoop:296d351d-629-24001"
+    imagePullPolicy: IfNotPresent
+    resources: {}
+    configs:
+      CLUSTER_ID: "1"
+      ORCHESTRATOR_URL: http://devtron-service.devtroncd.svc.cluster.local/orchestrator
diff --git a/charts/devtron/templates/_helpers.tpl b/charts/devtron/templates/_helpers.tpl
@@ -19,13 +19,19 @@ it randomly.
 {{- end -}}
 {{- end }}
 
+{{- define "imagePullSecret" }}
+{{- with .Values.imagePullSecret.credentials }}
+{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end }}
+{{- end }}
+
 {{/*
 Expand the node selectors, tolerations, and image pull secrets for a Kubernetes resource.
 Usage:
-{{ include "common.nodeSelector" (dict "nodeSelector" .Values.path.to.nodeSelector "tolerations" .Values.path.to.tolerations "imagePullSecrets" .Values.path.to.imagePullSecrets "global" .Values.global ) }}
+{{ include "common.schedulerConfig" (dict "nodeSelector" .Values.path.to.nodeSelector "tolerations" .Values.path.to.tolerations "imagePullSecrets" .Values.path.to.imagePullSecrets "global" .Values.global ) }}
 */}}
 
-{{- define "common.nodeSelector" -}}
+{{- define "common.schedulerConfig" -}}
   {{- if .nodeSelector }}
 nodeSelector:
 {{ toYaml .nodeSelector | indent 2 }}

diff --git a/charts/devtron/templates/app-sync-job.yaml b/charts/devtron/templates/app-sync-job.yaml
@@ -11,7 +11,7 @@ spec:
   template:
     spec:
       serviceAccountName: devtron
-      {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 6 }}
       initContainers:
       - name: migration-wait
         image: {{ include "common.image" (dict "component" $.Values.components.migrator "global" $.Values.global "extraImage" $.Values.components.migrator.kubectlImage ) }}
@@ -75,7 +75,8 @@ spec:
     spec:
       template:
         spec:
-          {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 10 }}
+          serviceAccountName: chart-sync
+          {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.chartSync.nodeSelector "tolerations" $.Values.components.chartSync.tolerations "imagePullSecrets" $.Values.components.chartSync.imagePullSecrets "global" $.Values.global) | indent 10 }}
           {{- if and $.Values.global $.Values.global.podSecurityContext }}
           securityContext:
 {{- toYaml $.Values.global.podSecurityContext | nindent 12 }}

diff --git a/charts/devtron/templates/casbin.yaml b/charts/devtron/templates/casbin.yaml
@@ -0,0 +1,125 @@
+{{- if and .Values.devtronEnterprise.enabled }}
+{{- with .Values.devtronEnterprise.casbin }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: casbin
+    release: casbin
+  name: casbin
+  namespace: devtroncd
+spec:
+  minReadySeconds: 60
+  replicas: 1
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app: casbin
+      release: casbin
+  template:
+    metadata:
+      labels:
+        app: casbin
+        release: casbin
+    spec:
+      serviceAccountName: devtron-default-sa
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.devtronEnterprise.casbin.nodeSelector "tolerations" $.Values.devtronEnterprise.casbin.tolerations "imagePullSecrets" $.Values.devtronEnterprise.casbin.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      containers:
+        - name: casbin
+          image: {{ include "common.image" (dict "component" $.Values.devtronEnterprise.casbin "global" $.Values.global) }}
+          {{- if  .imagePullPolicy }}
+          imagePullPolicy: {{ .imagePullPolicy }}
+          {{- end }}
+          env:
+            - name: DEVTRON_APP_NAME
+              value: casbin
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            {{- if .dbconfig }}
+            - name: PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .dbconfig.secretName }}
+                  key: {{ .dbconfig.keyName }}
+            {{- end }}
+          envFrom:
+            - configMapRef:
+                name: casbin-cm
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /health
+              port: 8080
+            initialDelaySeconds: 20
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /health
+              port: 8080
+            initialDelaySeconds: 20
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          ports:
+            - containerPort: 8080
+              name: http
+              protocol: TCP
+            - containerPort: 9000
+              name: app
+              protocol: TCP
+          {{- if .resources }}
+          resources:
+{{ toYaml .resources | indent 12 }}
+          {{- end }}
+          volumeMounts: []
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      volumes: []
+---
+# Casbin ConfigMap
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: casbin-cm
+  namespace: devtroncd
+  labels:
+    app: casbin
+    release: casbin
+{{- if .configs }}
+data:
+{{ toYaml .configs | indent 2 }}
+{{- end }}
+---
+# Casbin Service
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: casbin
+    release: casbin
+  annotations:
+    "helm.sh/resource-policy": keep
+  name: casbin-service
+  namespace: devtroncd
+spec:
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: http
+    - name: app
+      port: 9000
+      protocol: TCP
+      targetPort: app
+  selector:
+    app: casbin
+    release: casbin
+  type: ClusterIP
+{{- end}}
+{{- end}}
diff --git a/charts/devtron/templates/configmap-secret.yaml b/charts/devtron/templates/configmap-secret.yaml
@@ -247,9 +247,9 @@ data:
   PG_PASSWORD: {{ $postgresPwd }}
 {{- if $.Values.installer.modules }}
 {{- if has "cicd" $.Values.installer.modules }}
+  ORCH_TOKEN: {{ $ORCH_TOKEN }}
   EXTERNAL_CI_API_SECRET: {{ $EXTERNAL_CI_API_SECRET }}
   WEBHOOK_TOKEN: {{ $WEBHOOK_TOKEN }}
-  ORCH_TOKEN: {{ $ORCH_TOKEN }}
   DEX_SECRET: {{ $DEX_SECRET }}
   DEX_JWTKEY: {{ $DEX_JWTKEY }}
   DEX_CSTOREKEY: {{ $DEX_CSTOREKEY }}
@@ -289,3 +289,57 @@ data:
   {{- end }}
   {{- end }}
 type: Opaque
+
+{{- if $.Values.imagePullSecret }}
+{{- if $.Values.imagePullSecret.create }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }}
+  namespace: devtroncd
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ include "imagePullSecret" . }}
+
+{{- if eq .Values.imagePullSecret.namespaceScope "all" }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }}
+  namespace: devtron-cd
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ include "imagePullSecret" . }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }}
+  namespace: devtron-ci
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ include "imagePullSecret" . }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ default "devtron-image-pull" .Values.imagePullSecret.name }}
+  namespace: argo
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ include "imagePullSecret" . }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/devtron/templates/dashboard.yaml b/charts/devtron/templates/dashboard.yaml
@@ -77,7 +77,8 @@ spec:
       securityContext:
 {{- toYaml $.Values.global.podSecurityContext | nindent 8 }}
       {{- end }}
-      {{ include "common.nodeSelector" (dict "nodeSelector" $.Values.components.dashboard.nodeSelector "tolerations" $.Values.components.dashboard.tolerations "imagePullSecrets" $.Values.components.dashboard.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      {{- include "common.schedulerConfig" (dict "nodeSelector" $.Values.components.dashboard.nodeSelector "tolerations" $.Values.components.dashboard.tolerations "imagePullSecrets" $.Values.components.dashboard.imagePullSecrets "global" $.Values.global) | indent 6 }}
+      serviceAccountName: devtron-default-sa
       containers:
         - name: dashboard
           image: {{ include "common.image" (dict "component" $.Values.components.dashboard "global" $.Values.global) }}